password & confirmation required on update

Hello, I have the following in my User AR/model rules:



...


array('password', 'required', 'on'=>'create'),


array('password', 'compare', 'on'=>'create, update'),


array('password', 'filter', 'filter'=>'sha1'),


...


The problem comes in update action, where password is supposed to be optional if users dont want to change it. When users leave password and password_repeat blank, a validation warning is triggered:

    * Password must be repeated exactly.

with focus on password field.

Besides, * sign is not displayed after field name (in case of create action)

Regards, eturi

It is strange that the validation would fail in update scenario if you have both password and password_repeat empty. Try to remove the 'filter' validator first.

The 'compare' validator has the following code that should not trigger the error if password is empty:



		$value=$object->$attribute;


		if($this->allowEmpty && ($value===null || $value===''))


			return;


For the * sign, you need to set CHtml::$scenario='create' at the beginning of the form. In the upcoming version 1.0.4, you can set $model->scenario='create' to do so.

Thanks qiang, tell me if Im right:

If I use your approach, makes me doing the password hash somewhere else, e.g. onBeforeSave event, like this:

public function onBeforeSave()


{


	if ($this->password) $this->password = sha1($this->password);


}


That's ok, but another question comes around:

In order to show password field blank, I do this in controller:



public function actionUpdate()


{


	$user = $this->loadUser();


	$user->password = '';     // empty attribute so it will not be displayed in textbox


		


	if(isset($_POST['User']))


	{


		$user->attributes = $_POST['User'];


		if($user->validate('update') && $user->save())


			$this->redirect(array('show','id'=>$user->id));


	}


	$this->render('update',array('user'=>$user));


}


How to avoid the model overwrites the old value of password with the new one ? (in this case "" string)

you may unset($this->password) before saving the record.

hi i have almost the same problem. when trying to change passwd i get the same error. however i KNOW for sure the passwords match. 2 things i should add:

1 haven't coded much since php3 :slight_smile:

2 i'm using the 'Yii Skeleton Application"

please point me in right direction

dwayne

allowEmpty  boolean  whether the attribute value can be null or empty.  CCompareValidator

Set this :)

something like this: 'allowEmpty' => '1'